{% extends "base.html" %}
{% block page_title %}API{% endblock %}
{% block content %}
  <div id="featured-projects">
    <h4>HTTP GET</h4>
    <p>You can use HTTP <b><i>GET</i></b>
      to get recent hijacking alarms (or anomalous). The HTTP response message contains
      information of the hijacking alarms (or anomalous UPDATEs), formatted in json.
      For each entry, the following attributes are given:</p>
    <p><ul>
      <li><b>timestamp</b>: the start time (UNIX timestamp) of the hijacking event.</li>
      <li><b>prefix</b>: the hijacked IP prefix.</li>
      <li><b>bad_path_segment</b>: the anomalous AS neighbor (or policy),
        it is empty if the hijacking update has an anomalous origin AS.</li>
      <li><b>bad_origin</b>: the anomalous origin AS, it 
        is empty if the hijacking update does not have an anomalous origin.</li>
      <li><b>origin</b>: the regular origin AS, it is empty
        if the hijacking update does not have an anomalous origin.</li>
      <li><b>uri</b>: the resource uri of the detail information about this
        hijacking/anomaly event.</li>
    </ul></p>
    For example:
    <ul>
      <li><a href="/api/alarms/" target="_blank">/api/alarms/</a>
        returns recent 10 hijacking alarms,</li>
      <li><a href="/api/anomalous/" target="_blank">/api/anomalous/</a>
        returns recent 10 anomalous UPDATEs.</li>
    </ul>
    Besides, you can get history records by indicating a starting and ending index
    (<b>100</b> entries at most for each query):
    <ul>
      <li><a href="/api/alarms/100,123/" target="_blank">/api/alarms/100,123/</a>
        returns 23 hijacking alarms,</li>
      <li><a href="/api/anomalous/200,234/" target="_blank">/api/anomalous/200,234/</a>
        returns 34 anomalous UPDATEs.</li>
    </ul>
    <p>Attention: each IP address can only access these APIs <b>1/second</b>!</p>
  </div><!--end featured-projects-->
  <div id="featured-projects">
    <h4>HTTP Subscribe</h4>
    <p>You can also subscribe our hijacking alarms. Every time there is a
    hijacking alarm, Argus will notify all subscribers via HTTP <b><i>POST</i></b>.
    In this case, you need to keep listening on port 80 in your server. The
    POST data is also formatted in json and has six fields for each
    hijacking alarm: timestamp, prefix, origin, bad_origin, bad_path_segment,
    url.</p>
    <p>To subscribe our alarms, you need to provide the following information <a
      href="mailto:xiangy08@csnet1.cs.tsinghua.edu.cn" title="mail to me">to us</a>:
    <ul>
      <li>Your name</li>
      <li>Your affiliation</li>
      <li>The url of your API</li>
      <li>something about your project</li>
    </ul></p>
  </div><!--end featured-projects-->
{% endblock %}

